For Office 365 clients, having a robust and scalable Office 365 back-up and recovery solution is becoming increasingly necessary; in 2020 the average cost of a data breach was $3.86 million, and the number of breaches occurring is only increasing.
Having a back-up solution in place that has backed up an organizations database, computers, and VMs can mitigate damage, such as data loss or integrity loss, that can occur during a breach. With a back-up solution, organizations can quickly retrieve any data lost via malicious acts, hardware breaks or accidental deletion.
Why Is Backing Up Data In Office 365 Important?
There are many use cases for backing up data in Office 365. Here are three of the most significant:
It’s the 11th of May 2017, and you’re feeling good. Your organization has just finished finalizing its yearly reports. But, the next morning, WannaCry hits your organization, and every single report and document has been encrypted with an unknown key and is lost.
Data loss can occur in many different forms, including ransomware attack, accidental deletion, or even a computer crash. Backing up data into a cloud solution can prevent loss of those files in the case of accidental or malicious data loss. And if you are in that dire situation, recovering your files via a network connection is more effective than disk drives.
Auditing Compliance/Certification Compliance
All businesses, at some point in their lifecycle, face an audit. This audit could be from a 3rd party regulator or a prospective client who requires a preliminary audit before conducting business. Having a back-up solution in place allows businesses to comply with these audits with ease, as data can be easily provided and passed on to auditors.
In addition, under new data protection regulations, many industries are required to show they have a plan to protect public, sensitive and confidential data. Data back-up solutions can be an integral way for organizations to meet these compliance regulations.
Business continuity refers to an organization’s ability to continue running normal operations following a disruptive incident, such as malware or ransomware. A couple of days’ delay for delivering a nonessential item can be embarrassing, but a couple of seconds of downtime in a critical system in a nuclear reactor can be disastrous. Using Back-up as a service (BaaS), businesses can recover from a ransomware attack in seconds, and continue business operations.
What Are The Most Important Features In A Back And Recovery Solution?
As we’ve seen, there are a number of reasons it’s important that organizations using Office 365 have a strong back-up and recovery solution in place.
When searching for the most appropriate back-up solution for your organization, a few different features and criteria need to be met. Here are the top features you should be looking for in a back-up and recovery solution
1. Auditing Tools And Access Management
Criminal and malicious insiders cost organizations, on average, $871,700 in 2020. Back-ups can store your most sensitive data for long periods of time, and if an individual has access to the back-up data and becomes disgruntled with the employer, they can exfiltrate any of that data.For this reason,the back-up solution must have measures in place to counteract this. For example, if someone edits the data in the back-up or modified the logs, is there a record of it? Does an admin get notified of any change?
Measures to counteract can include requiring user logins for accessing user data (the user would need to contact the individual who data is being restored), using Separation of Duties (having more than one person needed to complete a task or sign off on a task before it is completed/actioned) or keeping a record of all interactions with the system.
2. Search And Preview Capabilities
An excellent back-up solution is only as good as its searching capabilities. Backing up data in a vault may be secure, but if there are no access methods or parsing through the contents, it can lead to workarounds, such as local saving or saving onto a USB, that undermine the system’s security. Useful search functionality should include an intuitive design, keyword searching, specific mailbox or user searching and the functionality to sort by time or period.
3. Recovery/Restore Capabilities
One of the most important features in any back-up solution is data restoration. After organizations have locked information in a vault, the vault doesn’t have much use if the door cannot be reopened and information retrieved.
Organizations need to ask three questions when analyzing restoration functionality. First, how accurate is the data recovery? It’s important that the information restored from the vault is in the same state as the original files and that images restored from the vault are the same quality.
Second, what format can the files be exported from the vault? The industry standard file type for data recovery is PTS, EML or ZIP. Better restore solutions include the feature to recover individual files as they stored.
Finally, does the solution include a non-destructive restore? A destructive restore overwrites all the data within the original file location, possibly deleting and overwriting any new/up-to-date work.
4. Ease Of Set-Up/Maintenance
The complexity of deploying a back-up solution will likely depend on your organization’s size. SMB’s need to look for solutions that offer a simple Azure sync that only involves an admin login. Enterprise-level solutions will require resource in setting up, but will offer more granularity in their features and more support in the process.
It’s also important that there are a good range of alerts offered. Back-up solutions are long term cost saving/compliance solutions. You shouldn’t need to be using a lot of money or resources to maintain and monitor a back-up solution if the back-ups are currently functioning.
Notification settings are essential to this ‘set and forget model’. A good back-up solution will include customizable notification settings for that can be tailored to individual events and people.
5. Compliance With Data Regulations
Increasing data compliance and new data regulations were one of the significant trends of 2020, and this trend is continuing to increase in 2021. Organizations based in the USA need to ensure that the back-up solutions they are using comply with HIPAA standards. For example, if data at rest is encrypted, it needs to be encrypted using the Advanced Encryption Standard 128, 192 or 256-bit encryption.
For UK and European Union based organizations, both the organization and the back-up solution need to be compliant with the General Data Protection Regulation (GDPR). Compliance could involve the data being stored in the same country that it originates. This could be difficult for back-up solutions that use hosted servers.
6. Data Retention Period
Different sectors require different periods of retention for confidential data. In the UK, for example, HMRC’s standard for data retention for records and information is 6 Years +1. Organizations need to find out the maximum retention period of the back-up solutions before signing on with them. It can be costly to exfiltrate and re-ingest data into a new solution, so making sure that you made the right choice of solution the first time around is key.
7. Licensing And Cost
A transparent license model is essential for back-up solutions. Your organization needs to consider the precise costing for user numbers the details of what is covered under licenses. One detail to look out for is how group/shared mailboxes are licensed. Industry-standard shared mailboxes shouldn’t need a license if all users that have access to that mailbox also have a license, but it is always worth checking before being caught out.
8. Support Services
No system has 100% uptime or will run flawlessly forever. For this reason, it’s crucial that you research the customer support each back-up solution offers. Service Level Agreements (SLAs) should be determined before setting up the solution there needs to be clear levels of escalation is an issue persists. Some back-up solutions do not include the cost of support within the user license and bill it out as a separate charge; this should be information covered early on in the research stage, but be sure to double-check before making any final decisions.
9. Performance And Reliability
The final important feature to consider is the success rate of the back-up. The best solutions will have an SLA of the percentage of successful back-ups per month. To ensure that compliance is met and if a breach or ransomware hits an organization’s servers, a goal of 90%+ successful back-up rate will sufficiently prove that the necessary steps were taken to protect the data.
The performance of the back-up is also crucial. Performance relates to the transfer speed of data to the back-up servers, the reliability and the impact on the system. Usability of the O365 environment shouldn’t be affected when a back-up is taking place. Users should still be able to upload documents and data without noticing that upload speed has dropped and a 5-minute task is taking 30.
Top Back-Up and Recovery Vendors
This section is split in two. One for solutions suitable for small to medium businesses (SMBs; 1-1000 users) and one for solutions suitable for enterprise (1000+ users). This is to reflect that the solution’s feature and complexity requirements depend on the company’s size. An SMB needs a solution that’s simple to set up, easy to maintain and comes at a reasonable price. Whereas an enterprise size organization may have more complex data back-up needs and require a more complex solution.
Axcient x360Cloud uses a cloud portal to back up and protects organizations Microsoft 365 data. It provides a complete back-up and restore for Sharepoint, Teams, Exchange Online and Onedrive. Axcient has complete regulatory compliance which includes: GDRP HIPPA and Soc-2. They offer a suite of cloud services, including cloud back-up they offer Sync & Share and Business Continuity & Disaster Recovery.
A few takeaways from setting up and testing the system:
- Straightforward setup. It took 5 minutes to have all users synced across and with data syncing to the back-up servers
- Constant development from Axicent. There are weekly update logs and a feature request function built into the admin portal
- They claim a 20-second average response time for technical support calls. This claim was tested, and the technical response was given in 10 seconds
Ekco has just updated its deployment method to align with other back-up solution in the industry, so setting up an account and beginning the first back up can occur within the first 30 minutes. Ekco offers a 50GB fair usage policy per user, but this is calculated as total space, so if one user has less and another has more, it uses the average.
Ekco has a transparent licensing model and has made it clear that a shared/group mailbox does not need a license, as long as all users who belong to that group/ have access to that mailbox has a license.
Veeam is great for companies with dedicated IT departments or sufficient resources to fulfil the setup demand. Veeam offers a web-based virtual lab to help train users with the setup of their services. The training takes users through all the steps they need to go through in their environment. Requests for the lab take approximately a day to be authorized, then users have 24hrs to go through the training sessions.
Veeam offers a vast selection of solutions for backing different aspects of Office 365 and on-prem environments such as Backup Enterprise Manager, Back Proxy, Veeam Backup Search or Standalone Console. Having this granularity in products enables a tailorable approach to back-ups that organizations can use to set up their specific data needs.
One downside to this solution is that the vast array of features to setup can be complicated and involves many installations to configure the whole suite.
Druva offers fullback-ups of VMs, Databases, Media and Files, supporting 100 terabytes of data and up to 6 data centers. With Druva Phoenix, if data requirements increase, the solution can be scaled on-demand as needed.
For customers who require data to stay in the country of origin for compliance needs, Druva provides complete control over regional data storage which can be assigned per-user or group via simple profile settings. As standard Druva uses AES 256-bit encryption on its data-in-transit. With this standard in place, users can be assured that if a data breach occurs or the data is redirected to a malicious storage location, it is safe. Druva does use Amazon Web Services for data storage; this does enable the services to scale well and has limited downtime but does mean they don’t have complete control over their systems or the physical security of the data.
Back-up solutions are essential for preparing your organization against cyber breaches and data loss. Whether your organization is at enterprise level or an SMB, there are back-up solutions on the market that can help and make the transition to keeping your data stored in a safe location online simple.
To help you compare these solutions, we have compiled a list of the Top 10 Office 365 Back-up and Recovery Solutions, which you can read here.